Description of problem: If a non admin user calls a GET API on satellite.example.com/katello/api/capsules/1, it fails with response : "message": "Resource smart_proxy not found by id '1'" Non admin user has "view_smart_proxies" permissions assigned. Even if all available persmissions are assigned to the user, the error response is same. User is able to query information for all capsules i.e GET on /katello/api/capsules/ but not for a particular ID /katello/api/capsules/:id The API /katello/api/capsules/:id is called by bootstrap.py script with --new-capsule switch so bootstrap.py cannot be run with non admin user. Version-Release number of selected component (if applicable): 6.4 6.5 How reproducible: Always Steps to Reproduce: 1. Create a user role and assign all available permissions to it. Create a user and assign the role to the user. User should be non admin 2. Run following api with above user and it fails # curl -u user:password https://satellite.example.com/katello/api/capsules/1 Actual results: APi fails with response "message": "Resource smart_proxy not found by id '1'" Expected results: Non admin user should be able to call that API with appropriate permissions assigned
Is the user assigned to the same organization and location as the capsule? Does the user have permission to view_organizations and view_locations (potentially limited to only these)?
Marek: Yes, the user was already assigned to the same organization and location as the capsule, and the user's role already had the view_organizations and view_locations permissions.
Created redmine issue https://projects.theforeman.org/issues/30385 from this bug
Upon review of our valid but aging backlog the Satellite Team has concluded that this Bugzilla does not meet the criteria for a resolution in the near term, and are planning to close in a month. If you have any concerns about this, please contact your Red Hat Account team. Thank you.
Thank you for your interest in Satellite 6. We have evaluated this request, and while we recognize that it is a valid request, we do not expect this to be implemented in the product in the foreseeable future. This is due to other priorities for the product, and not a reflection on the request itself. We are therefore closing this out as WONTFIX. If you have any concerns about this feel free to contact your Red Hat Account Team. Thank you.